Forum Discussion
Jeremy_Schonebe
Nimbostratus
NimbostratusSSL Offloading using iRules
Hello - I have the following iRule in place for an internal application.
when CLIENT_ACCEPTED {
if {([TCP::local_port] == 80 )} { pool MWS-MDU-COM_HTTP_POOL }
elseif {([TCP::local_port] == 8090...
dragonflymr
Cirrostratus
CirrostratusHi,
If I am not wrong you need to accept HTTPS on standard 443 port instead of HTTP on 80, what about other ports, I assume those still will use HTTP on client side?
If it is so, first step is of course to attach clientssl profile to VS and then selectively enable it in iRule, something like that:
Something like that:
when CLIENT_ACCEPTED {
SSL::disable
if {([TCP::local_port] == 443 )} {
SSL::enable
pool MWS-MDU-COM_HTTP_POOL
}
elseif {([TCP::local_port] == 8090 )} {
pool MWS-MDU-COM_8090_POOL
}
elseif {([TCP::local_port] == 8000 )} {
pool MWS-MDU-COM_8000_POOL
}
elseif {([TCP::local_port] == 8085 )} {
pool MWS-MDU-COM_8085_POOL
}
else reject
}
BTW: It is not important to have wildcard cert, anyway you are using one VS mapped to one FQDN so you can use standard FQDN based one, ports changes are relevant for SSL.
Piotr